CVE-2023-0923

Odh-notebook-controller-container: missing authorization allows for file contents disclosure

CVSS 8.8 HIGHEPSS 0.9%CWE-862

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

15 Sep 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Red Hat · RHODS-1.22-RHEL-8

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2023:0977 https://access.redhat.com/security/cve/CVE-2023-0923 https://bugzilla.redhat.com/show_bug.cgi?id=2171870